Bug 47063 - linux: Multiple issues (4.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.2
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.2-4-errata
Assigned To: Philipp Hahn
QA Contact: Arvid Requate
Reported: 2018-05-24 10:41 CEST by Philipp Hahn
Modified: 2018-08-22 15:03 CEST (History)
What kind of report is it?: Security Issue
Max CVSS v3 score: 8.0 (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)


Attachments
bug47063_upstream_patches.diff (13.01 KB, patch)
2018-08-21 21:16 CEST, Arvid Requate

Description Philipp Hahn univentionstaff 2018-05-24 10:41:53 CEST
grep -l '^4[.]9-upstream-stable:.*4[.]9[.]\(9[0-9]\|10[0-9]\)' */CVE-????-*|sort -t/ -k2.5n -k2.10n|xargs grep ^Description|cut -d/ -f2-|cut -d: -f1,3-

CVE-2017-17975: Double-free in usbtv driver
CVE-2017-18218: net: hns: Fix a skb used after free bug
CVE-2017-18222: net: hns: fix ethtool_get_strings overflow in hns driver
CVE-2017-18255: DoS in perf_cpu_time_max_percent_handler
CVE-2017-18257: f2fs: fix a dead loop in f2fs_fiemap()
CVE-2018-1066: Null pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() when empty TargetInfo is returned in NTLMSSP setup negotiation response allowing to crash client's kernel
CVE-2018-1087: kvm/x86: fix icebp instruction handling
CVE-2018-1092: NULL pointer dereference in ext4/mballoc.c:ext4_process_freed_data() when mounting crafted ext4 image
CVE-2018-1093: Out of bounds read in ext4/balloc.c:ext4_valid_block_bitmap() causes crash with crafted ext4 image
CVE-2018-1108: random: fix crng_ready() test
CVE-2018-1120: FUSE-backed /proc/PID/cmdline
CVE-2018-1130: dccp: check sk for closed state in dccp_sendmsg()
CVE-2018-3639: Speculative Store Bypass
CVE-2018-7757: scsi: libsas: fix memory leak in sas_smp_get_phy_events()
CVE-2018-8781: Integer overflow in drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() can allow attackers to execute code in kernel space
CVE-2018-8822: ncpfs: memory corruption in ncp_read_kernel()
CVE-2018-8897: x86/entry/64: Don't use IST entry for #BP stack
CVE-2018-10087: kernel/exit.c: avoid undefined behaviour when calling wait4()
CVE-2018-10940: cdrom: information leak in cdrom_ioctl_media_changed()
CVE-2018-1000199: perf/hwbp: Simplify the perf-hwbp code, fix documentation
Comment 1 Philipp Hahn univentionstaff 2018-05-24 10:44:52 CEST
r18135 | Bug #47063: linux-4.9.102

repo_admin.py --cherrypick -r 4.2 -s errata4.2-3 --releasedest 4.2 --dest errata4.2-4 -p linux

Package: linux
Version: 4.9.30-2A~4.2.0.201805241043
Branch: ucs_4.2-0
Scope: errata4.2-4
Comment 2 Philipp Hahn univentionstaff 2018-05-24 10:54:02 CEST
[4.2-4] eeac267c87 Bug #47063: linux-4.9.102 WIP
 doc/errata/staging/linux.yaml                      | 73 ++++++++++++++++++++++
 .../staging/univention-kernel-image-signed.yaml    | 73 ++++++++++++++++++++++
 doc/errata/staging/univention-kernel-image.yaml    | 73 ++++++++++++++++++++++
Comment 3 Philipp Hahn univentionstaff 2018-05-24 11:02:40 CEST
[4.2-4] 10f6180761 Bug #47063 kernel: linux-4.9.102
 kernel/univention-kernel-image/debian/changelog | 6 ++++++
 kernel/univention-kernel-image/debian/rules     | 2 +-

Package: univention-kernel-image
Version: 10.0.0-13A~4.2.0.201805241058
Branch: ucs_4.2-0
Scope: errata4.2-4

[4.2-4] ba7c24afd8 Bug #47063: linux-4.9.102 WIP
 doc/errata/staging/univention-kernel-image.yaml | 2 +-
Comment 4 Philipp Hahn univentionstaff 2018-05-26 07:56:11 CEST
r18136 | Bug #47063: linux-4.9.103

CVE-2018-10021: ata qc leak in drivers/scsi/libsas/sas_scsi_host.c allows local users to cause denial-of-service

Package: linux
Version: 4.9.30-2A~4.2.0.201805260747
Branch: ucs_4.2-0
Scope: errata4.2-4

[4.2-4] dbcf3d4813 Bug #47063: linux-4.9.103 WIP
 doc/errata/staging/linux.yaml                          | 7 +++++--
 doc/errata/staging/univention-kernel-image-signed.yaml | 5 ++++-
 doc/errata/staging/univention-kernel-image.yaml        | 5 ++++-
 3 files changed, 13 insertions(+), 4 deletions(-)
Comment 5 Philipp Hahn univentionstaff 2018-05-28 13:57:29 CEST
[4.2-4] bba9796ac9 Bug #47063: Update to linux-4.9.103-ucs110
 .../univention-kernel-image-signed/debian/changelog   |  12 ++++++++++++
 kernel/univention-kernel-image-signed/debian/control  |  10 +++++-----
 .../vmlinuz-4.9.0-ucs109-amd64.efi.signed             | Bin 4089168 -> 0 bytes
 .../vmlinuz-4.9.0-ucs110-amd64.efi.signed             | Bin 0 -> 4092144 bytes

Package: univention-kernel-image-signed
Version: 3.0.2-24A~4.2.0.201805281211
Branch: ucs_4.2-0
Scope: errata4.2-4

OK: vimdiff <(./linux-dmesg-norm 4.9.0-ucs109-amd64.89) <(./linux-dmesg-norm 4.9.0-ucs110-amd64.103)
 Speculative Store Bypass: Vulnerable
OK: amd64 @ kvm+OVMF+SB
OK: amd64 @ kvm-SeaBIOS
OK: amd64 @ xen1

FYI: 4.9.104 with 329 patches is in the review phase
Comment 6 Philipp Hahn univentionstaff 2018-05-30 11:02:26 CEST
r18136 | Bug #47063: linux-4.9.104
CVE-2018-6412 kernel: Incorrect integer signedness in sbuslib.c:sbusfb_ioctl_helper() allows for information leakage
CVE-2018-8087 kernel: Memory leak in drivers/net/wireless/mac80211_hwsim.c:hwsim_new_radio_nl() can lead to potential denial of service

Package: linux
Version: 4.9.30-2A~4.2.0.201805301101
Branch: ucs_4.2-0
Scope: errata4.2-4
Comment 7 Philipp Hahn univentionstaff 2018-06-01 14:47:16 CEST
r18146 | Bug #47063: linux-4.9.104
r18148 | Bug #47063: linux-4.9.105

Package: linux
Version: 4.9.30-2A~4.2.0.201805310724
Branch: ucs_4.2-0-errata4.2-4
Scope: errata4.2-4

[4.2-4] af68f43b30 Bug #47063: Update to linux-4.9.105-ucs110
 .../debian/changelog                               |   6 ++++++
 .../vmlinuz-4.9.0-ucs110-amd64.efi.signed          | Bin 4092144 -> 4095472 bytes
 2 files changed, 6 insertions(+)

Package: univention-kernel-image-signed
Version: 3.0.2-25A~4.2.0.201806011222
Branch: ucs_4.2-0
Scope: errata4.2-4

[4.2-4] 8db3646c96 Bug #47063: linux-4.9.105
 doc/errata/staging/linux.yaml                          | 11 +++++++++--
 doc/errata/staging/univention-kernel-image-signed.yaml | 11 +++++++++--
 doc/errata/staging/univention-kernel-image.yaml        |  9 ++++++++-

OK: vimdiff <(./linux-dmesg-norm 4.9.0-ucs109-amd64.89) <(./linux-dmesg-norm 4.9.0-ucs110-amd64.105)
OK: amd64 @ kvm+OVMF+SB
OK: amd64 @ kvm-SeaBIOS
OK: amd64 @ xen1
Comment 8 Philipp Hahn univentionstaff 2018-06-14 12:25:08 CEST
r18175 | Bug #47063: linux-4.9.108
r18176 | Bug #47063: linux-4.9.108 p

~/REPOS/repo-ng/build-package/build-package-ng -r 4.2-4 -s errata4.2-4 -p linux

Package: linux
Version: 4.9.30-2A~4.2.4.201806141224
                       ^
Branch: ucs_4.2-0
Scope: errata4.2-4
Comment 9 Philipp Hahn univentionstaff 2018-06-16 15:23:48 CEST
Package: linux
Version: 4.9.30-2A~4.2.0.201806141629
Branch: ucs_4.2-0-errata4.2-4
Scope: errata4.2-4

[4.2-4] 86906089b1 Bug #47063: Update to linux-4.9.108-ucs110

Package: univention-kernel-image-signed
Version: 3.0.2-26A~4.2.0.201806161507
Branch: ucs_4.2-0
Scope: errata4.2-4

[4.2-4] f02eecae80 Bug #47063: linux-4.9.108
 doc/errata/staging/linux.yaml                          | 4 ++--
 doc/errata/staging/univention-kernel-image-signed.yaml | 4 ++--
 doc/errata/staging/univention-kernel-image.yaml        | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)


r18178 | Bug #47063: linux-4.9.108

Package: linux
Version: 4.9.30-2A~4.2.4.201806161523
Branch: ucs_4.2-0
Scope: errata4.2-4
Comment 10 Philipp Hahn univentionstaff 2018-06-17 08:32:08 CEST
Package: linux
Version: 4.9.30-2A~4.2.4.201806161523
Branch: ucs_4.2-0-errata4.2-4
Scope: errata4.2-4

[4.2-4] ca926a14ef Bug #47063: Update to linux-4.9.109-ucs110
 .../debian/changelog                               |   6 ++++++
 .../vmlinuz-4.9.0-ucs110-amd64.efi.signed          | Bin 4098352 -> 4090736 bytes
 2 files changed, 6 insertions(+)

Package: univention-kernel-image-signed
Version: 3.0.2-27A~4.2.0.201806170756
Branch: ucs_4.2-0
Scope: errata4.2-4

[4.2-4] 2fa8b0a5e7 Bug #47063: linux-4.9.109 YAML
 doc/errata/staging/linux.yaml                          | 4 ++--
 doc/errata/staging/univention-kernel-image-signed.yaml | 4 ++--
 doc/errata/staging/univention-kernel-image.yaml        | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

OK: vimdiff <(./linux-dmesg-norm 4.9.0-ucs109-amd64.89) <(./linux-dmesg-norm 4.9.0-ucs110-amd64.105)
+ Speculative Store Bypass: Vulnerable
- x86/fpu: Using 'eager' FPU context switches.
OK: amd64 @ kvm+OVMF+SB
OK: amd64 @ kvm-SeaBIOS
OK: amd64 @ xen1
Comment 11 Arvid Requate univentionstaff 2018-07-04 13:40:32 CEST
7d8c8eea02 | UCS 4.2-3 is out of maintenance
Comment 12 Quality Assurance univentionstaff 2018-07-04 16:02:28 CEST
--- mirror/ftp/4.2/unmaintained/4.2-4/source/univention-kernel-image_10.0.0-12A~4.2.0.201802151039.dsc
+++ apt/ucs_4.2-0-errata4.2-4/source/univention-kernel-image_10.0.0-13A~4.2.0.201805241058.dsc
@@ -1,6 +1,10 @@
-10.0.0-12A~4.2.0.201802151039 [Thu, 15 Feb 2018 10:39:34 +0100] Univention builddaemon <buildd@univention.de>:
+10.0.0-13A~4.2.0.201805241058 [Thu, 24 May 2018 10:58:24 +0200] Univention builddaemon <buildd@univention.de>:
 
   * UCS auto build. No patches were applied to the original source package
+
+10.0.0-13 [Thu, 24 May 2018 10:56:07 +0200] Philipp Hahn <hahn@univention.de>:
+
+  * Bug #47063: Update to linux-4.9.81-ucs110
 
 10.0.0-12 [Thu, 15 Feb 2018 10:38:47 +0100] Philipp Hahn <hahn@univention.de>:
 
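Review bot: The added 10.0.0-13 entry reads "Update to linux-4.9.81-ucs110", while the commit that produced this version (10f6180761 in comment 3) is titled "kernel: linux-4.9.102". The changelog text looks stale; it should name the kernel version this package actually tracks, so that the erratum changelog can be matched against the CVE list in the description.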

<http://10.200.17.11/4.2-4/#6697111479708309984>
Comment 13 Quality Assurance univentionstaff 2018-07-04 16:02:30 CEST
--- mirror/ftp/4.2/unmaintained/4.2-4/source/univention-kernel-image-signed_3.0.2-22A~4.2.0.201803231159.dsc
+++ apt/ucs_4.2-0-errata4.2-4/source/univention-kernel-image-signed_3.0.2-27A~4.2.0.201806170756.dsc
@@ -1,6 +1,26 @@
-3.0.2-22A~4.2.0.201803231159 [Fri, 23 Mar 2018 11:59:02 +0100] Univention builddaemon <buildd@univention.de>:
+3.0.2-27A~4.2.0.201806170756 [Sun, 17 Jun 2018 07:56:57 +0200] Univention builddaemon <buildd@univention.de>:
 
   * UCS auto build. No patches were applied to the original source package
+
+3.0.2-27 [Sun, 17 Jun 2018 07:50:15 +0200] Philipp Hahn <hahn@univention.de>:
+
+  * Bug #47063: Update to linux-4.9.109-ucs110
+
+3.0.2-26 [Sat, 16 Jun 2018 09:16:21 +0200] Philipp Hahn <hahn@univention.de>:
+
+  * Bug #47063: Update to linux-4.9.108-ucs110
+
+3.0.2-25 [Fri, 01 Jun 2018 12:07:46 +0200] Philipp Hahn <hahn@univention.de>:
+
+  * Bug #47063: Update to linux-4.9.105-ucs110
+
+3.0.2-24 [Mon, 28 May 2018 11:59:01 +0200] Philipp Hahn <hahn@univention.de>:
+
+  * Bug #47063: Update to linux-4.9.103-ucs110
+
+3.0.2-23 [Thu, 24 May 2018 11:00:54 +0200] Philipp Hahn <hahn@univention.de>:
+
+  * Bug #47063: Update to linux-4.9.89-ucs110
 
 3.0.2-22 [Fri, 23 Mar 2018 11:56:35 +0100] Philipp Hahn <hahn@univention.de>:
 
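Review bot: The oldest added entry, 3.0.2-23, names linux-4.9.89 under Bug #47063, although this bug was opened the same day (24 May 2018) for fixes from 4.9.90 onward, as the grep pattern in the description shows. Please confirm that 3.0.2-23 belongs to this erratum and that 4.9.89 is the version it really shipped, or correct the entry.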

<http://10.200.17.11/4.2-4/#6697111479708309984>
Comment 14 Quality Assurance univentionstaff 2018-07-04 16:02:32 CEST
--- mirror/ftp/4.2/unmaintained/4.2-4/source/linux_4.9.30-2A~4.2.0.201803221415.dsc
+++ apt/ucs_4.2-0-errata4.2-4/source/linux_4.9.30-2A~4.2.4.201806161523.dsc
@@ -1,4 +1,4 @@
-4.9.30-2A~4.2.0.201803221415 [Thu, 22 Mar 2018 14:15:04 +0100] Univention builddaemon <buildd@univention.de>:
+4.9.30-2A~4.2.4.201806161523 [Sat, 16 Jun 2018 15:23:05 +0200] Univention builddaemon <buildd@univention.de>:
 
   * UCS auto build. The following patches have been applied to the original source package
     10_backport
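Review bot: The new version on the `+` line carries `A~4.2.4.` where the version it replaces carries `A~4.2.0.` (comment 8 marks the same digit with a caret). dpkg orders 4.9.30-2A~4.2.4.201806161523 above any later 4.9.30-2A~4.2.0.<timestamp> build, such as the 4.9.30-2A~4.2.0.201808011018 recorded in comment 15, so a later build with the `4.2.0` prefix would not be installed as an upgrade over this one. Keep the prefix consistent, or check that the version finally released sorts highest.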
@@ -79,6 +79,28 @@
     60_patch-4.9.87
     60_patch-4.9.88
     60_patch-4.9.89
+    60_patch-4.9.90
+    60_patch-4.9.91
+    60_patch-4.9.92
+    60_patch-4.9.93
+    60_patch-4.9.94
+    60_patch-4.9.95
+    60_patch-4.9.96
+    60_patch-4.9.97
+    60_patch-4.9.98
+    60_patch-4.9.99
+    61_patch-4.9.100
+    61_patch-4.9.101
+    61_patch-4.9.102
+    61_patch-4.9.103
+    61_patch-4.9.104
+    61_patch-4.9.105
+    61_patch-4.9.106
+    61_patch-4.9.107
+    61_patch-4.9.107_fixup
+    61_patch-4.9.107_fixup
+    61_patch-4.9.108
+    61_patch-4.9.109
 
 4.9.30-2 [Mon, 12 Jun 2017 16:24:30 +0100] Ben Hutchings <ben@decadent.org.uk>:
 
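Review bot: `61_patch-4.9.107_fixup` is listed twice in a row in the applied-patch series. If both lines refer to the same quilt file, one entry should be dropped; if they are two different fixups, they need distinct names so the series can be audited against the upstream incremental patches.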

<http://10.200.17.11/4.2-4/#6697111479708309984>
Comment 15 Philipp Hahn univentionstaff 2018-08-01 17:45:20 CEST
r18200 | Bug #47063: Linux 4.9.116

Package: linux
Version: 4.9.30-2A~4.2.0.201808011018
Branch: ucs_4.2-0
Scope: errata4.2-4

[4.2-4] b4e0c32c8d Bug #47063: linux-4.9.116

Package: univention-kernel-image-signed
Version: 3.0.2-28A~4.2.0.201808011549
Branch: ucs_4.2-0
Scope: errata4.2-4

[4.2-4] b4e0c32c8d Bug #47063: linux-4.9.116
 doc/errata/staging/linux.yaml                          | 20 ++++++++++++++++++--
 doc/errata/staging/univention-kernel-image-signed.yaml | 20 ++++++++++++++++++--
 doc/errata/staging/univention-kernel-image.yaml        | 18 +++++++++++++++++-
 3 files changed, 53 insertions(+), 5 deletions(-)

OK: amd64 @ kvm-SeaBIOS
OK: amd64 @ kvm+OVMF+SB
OK: amd64 @ xen1
Comment 16 Philipp Hahn univentionstaff 2018-08-08 09:51:14 CEST
r18237 | Bug #47063: Linux 4.9.118

Package: linux
Version: 4.9.30-2A~4.2.0.201808080917
Branch: ucs_4.2-0
Scope: errata4.2-4

CVE-2017-18216: ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent
CVE-2017-18224: ocfs2: ip_alloc_sem should be taken in ocfs2_get_block()
CVE-2018-1118: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg()
CVE-2018-5390: Linux Kernel TCP implementation vulnerable to Denial of Service
CVE-2018-10876: use-after-free in jbd2_journal_commit_transaction()
CVE-2018-10877: out-of-bound access in ext4_ext_drop_refs()
CVE-2018-10878: out-of-bound write in ext4_init_block_bitmap()
CVE-2018-10881: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image
CVE-2018-10882: stack-out-of-bounds write in fs/jbd2/transaction.c
CVE-2018-10883: stack-out-of-bounds write in jbd2_journal_dirty_metadata()
CVE-2018-13405: Fix up non-directory creation in SGID directories
CVE-2018-13406: video: uvesafb: Fix integer overflow in allocation
CVE-2018-14734: infiniband: fix a possible use-after-free bug

4.9.119 is scheduled for tomorrow.
CVE-2018-9363 remains unfixed.

[4.2-4] 0c6eed22cd Bug #47063: Linux 4.9.118 YAML
 doc/errata/staging/linux.yaml                        | 20 ++++++++++++++++++--
 .../staging/univention-kernel-image-signed.yaml      | 20 ++++++++++++++++++--
 doc/errata/staging/univention-kernel-image.yaml      | 18 +++++++++++++++++-
 3 files changed, 53 insertions(+), 5 deletions(-)

TBC...
Comment 17 Philipp Hahn univentionstaff 2018-08-08 15:30:37 CEST
[4.2-4] 9c6b6b5eae Bug #47063: Update to linux-4.9.118-ucs110
 .../debian/changelog                               |   6 ++++++
 .../vmlinuz-4.9.0-ucs110-amd64.efi.signed          | Bin 4098864 -> 4097776 bytes
 2 files changed, 6 insertions(+)

Package: univention-kernel-image-signed
Version: 3.0.2-29A~4.2.0.201808081458
Branch: ucs_4.2-0
Scope: errata4.2-4

[4.2-4] ae54b3bd1f Bug #47063: Linux-signed 4.9.118 YAML
 doc/errata/staging/univention-kernel-image-signed.yaml | 2 +-

OK: amd64 @ kvm-SeaBIOS
OK: amd64 @ kvm+OVMF+SB
OK: amd64 @ xen1
Comment 18 Philipp Hahn univentionstaff 2018-08-10 19:13:17 CEST
r18252 | Bug #47063: Linux 4.9.119

Package: linux
Version: 4.9.30-2A~4.2.0.201808101912
Branch: ucs_4.2-0
Scope: errata4.2-4
Comment 19 Philipp Hahn univentionstaff 2018-08-13 09:59:16 CEST
4.9.119 fixes:
* CVE-2018-12233: Memory corruption in JFS setattr

Package: univention-kernel-image-signed
Version: 3.0.2-30A~4.2.0.201808130904
Branch: ucs_4.2-0
Scope: errata4.2-4

[4.2-4] 1e5cc5fdd6 Bug #47063: univention-kernel-image-signed 3.0.2-30A~4.2.0.201808130904
 doc/errata/staging/univention-kernel-image-signed.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

OK: amd64 @ kvm-SeaBIOS
OK: i386 @ kvm-SeaBIOS
OK: amd64 @ kvm+OVMF+SB
OK: amd64 @ xen1
Comment 20 Philipp Hahn univentionstaff 2018-08-16 13:01:47 CEST
r18257 | Bug #47063: Linux 4.9.120

Package: linux
Version: 4.9.30-2A~4.2.0.201808161300
Branch: ucs_4.2-0
Scope: errata4.2-4

CVE-2018-3646: L1 Terminal Fault
Comment 21 Philipp Hahn univentionstaff 2018-08-17 10:32:10 CEST
(In reply to Philipp Hahn from comment #20)
> r18257 | Bug #47063: Linux 4.9.120

4.9.121 is already in the patch-review phase and is scheduled for tomorrow; I will skip 120 and import that newer version as it contains more L1TF fixes and also fixes CVE-2018-9363.
Comment 22 Philipp Hahn univentionstaff 2018-08-17 15:08:10 CEST
For testing L1TF I needed the fixed kernel anyway, so here it is:

Package: univention-kernel-image-signed
Version: 3.0.2-31A~4.2.0.201808171440
Branch: ucs_4.2-0
Scope: errata4.2-4

[4.2-4] f70fe68a79 Bug #47063: linux 4.9.120
 doc/errata/staging/linux.yaml                          | 7 +++++--
 doc/errata/staging/univention-kernel-image-signed.yaml | 7 +++++--
 doc/errata/staging/univention-kernel-image.yaml        | 5 ++++-
 3 files changed, 14 insertions(+), 5 deletions(-)

[4.2-4] e605bb350c Bug #47063: Update to linux-4.9.120-ucs110
 .../debian/changelog                               |   6 ++++++
 .../vmlinuz-4.9.0-ucs110-amd64.efi.signed          | Bin 4093808 -> 4101872 bytes
 2 files changed, 6 insertions(+)

OK: flags +=(eagerfpu flush_l1d ssbd ibrs ibpb stibp) with µCode-2018-08-07
Comment 23 Philipp Hahn univentionstaff 2018-08-20 14:29:42 CEST
r18259 | Bug #47063: Linux 4.9.122

Package: linux
Version: 4.9.30-2A~4.2.0.201808201429
Branch: ucs_4.2-0
Scope: errata4.2-4
Comment 24 Philipp Hahn univentionstaff 2018-08-21 13:29:14 CEST
[4.2-4] 71b925b41a Bug #47063: Update to linux-4.9.122-ucs110
 .../debian/changelog                               |   6 ++++++
 .../vmlinuz-4.9.0-ucs110-amd64.efi.signed          | Bin 4101872 -> 4099056 bytes
 2 files changed, 6 insertions(+)

Package: univention-kernel-image-signed
Version: 3.0.2-32A~4.2.0.201808211106
Branch: ucs_4.2-0
Scope: errata4.2-4

[4.2-4] 74d304d236 Bug #47063: linux 4.9.122
 doc/errata/staging/linux.yaml                          | 12 ++++++++++--
 doc/errata/staging/univention-kernel-image-signed.yaml | 12 ++++++++++--
 doc/errata/staging/univention-kernel-image.yaml        | 10 +++++++++-
 3 files changed, 29 insertions(+), 5 deletions(-)

OK: vimdiff <(./linux-dmesg-norm 4.9.0-ucs109-amd64) <(./linux-dmesg-norm 4.9.0-ucs110-amd64)
OK: amd64 @ KVM OVMF+SB
OK: amd64 @ KVM SeaBIOS
OK: i386 @ KVM SeaBIOS
OK: amd64 @ xen1
Comment 25 Arvid Requate univentionstaff 2018-08-21 21:16:30 CEST
Created attachment 9633 [details]
bug47063_upstream_patches.diff

Weird, 61_patch-4.9.105.quilt has DOS line endings. None of the other patches do, and neither does upstream patch-4.9.104-105.gz. Some later quilt files also have little differences in the patch markup, but are otherwise identical to the files I fetched from https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/incr/ , see attached diff. Installation and reboot worked.

I guess the patches are ok, could you have a quick look to confirm?

The ordering of the CVEs is pretty weird too and the description item list order doesn't match the order of the CVE list.
Comment 26 Philipp Hahn univentionstaff 2018-08-22 07:44:51 CEST
(In reply to Arvid Requate from comment #25)
> Weird, 61_patch-4.9.105.quilt has DOS line endings. None of the other patches
> do, and neither does upstream patch-4.9.104-105.gz.

I had to convert it to ISO-8859-1 as the patch otherwise does not apply; the linux.tar.xz from Debian seems to be ISO-8859-1 encoded.

> Some later quilt files also have
> little differences in the patch markup, but are otherwise identical to the
> files I fetched from
> https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/incr/ , see attached
> diff. Installation and reboot worked.

I usually take the patches as mailed by GKH.

> I guess the patches are ok, could you have a quick look to confirm?

Yes, they are okay.

> The ordering of the CVEs is pretty weird too and the description item list
> order doesn't match the order of the CVE list.

I tried to sort the descriptive text by hand, but the CVE list is the order in which the CVEs were fixed upstream; they are sorted when the errata mail/html is generated.
Comment 27 Philipp Hahn univentionstaff 2018-08-22 08:26:59 CEST
(In reply to Philipp Hahn from comment #26)
> (In reply to Arvid Requate from comment #25)
> > The ordering of the CVEs is pretty weird too and the description item list
> > order doesn't match the order of the CVE list.
> 
> I tried to sort the descriptive text by hand, but the CVE list is the order
> in which the CVEs were fixed upstream; they are sorted when the errata
> mail/html is generated.

Re-sorted:
[4.2-4] f512cef142 Bug #47063: linux 4.9.122 YAML
 doc/errata/staging/linux.yaml                          | 4 ++--
 doc/errata/staging/univention-kernel-image-signed.yaml | 4 ++--
 doc/errata/staging/univention-kernel-image.yaml        | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)
Comment 28 Arvid Requate univentionstaff 2018-08-22 10:47:48 CEST
Ok.
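
The comparison discussed in comments 25 and 26 (local quilt files against the upstream incremental patches, where one file differed only by DOS line endings), as an added example that is not part of the original thread or of Univention's tooling. The function names and the sample patch are constructed for illustration; only line endings are normalized, so a re-encoded patch such as the ISO-8859-1 conversion mentioned in comment 26 is reported as a content difference.

```sh
#!/bin/sh
# Added example: classify how a local patch file differs from its upstream copy.
CR=$(printf '\r')

# Print FILE, decompressing it first if it is a .gz (upstream ships patch-X-Y.gz).
raw() {
    case "$1" in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# Print FILE with one trailing CR per line removed (DOS -> Unix line endings).
normalize() { raw "$1" | sed "s/${CR}\$//"; }

# Succeed if any line of FILE ends in CR.
has_crlf() { raw "$1" | grep -q "${CR}\$"; }

# Print one of: identical | line-endings-only | content-differs
patch_equiv() {
    tmp=$(mktemp -d) || return 2
    raw "$1" >"$tmp/a.raw";      raw "$2" >"$tmp/b.raw"
    normalize "$1" >"$tmp/a.lf"; normalize "$2" >"$tmp/b.lf"
    if cmp -s "$tmp/a.raw" "$tmp/b.raw"; then
        verdict=identical
    elif cmp -s "$tmp/a.lf" "$tmp/b.lf"; then
        verdict=line-endings-only
    else
        verdict=content-differs
    fi
    rm -rf "$tmp"
    echo "$verdict"
}

# Constructed sample: one small hunk as LF, as CRLF, and with a changed line.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' '--- a/Makefile' '+++ b/Makefile' '@@ -1 +1 @@' \
        '-SUBLEVEL = 104' '+SUBLEVEL = 105' >"$d/upstream.patch"
    sed "s/\$/${CR}/" "$d/upstream.patch" >"$d/local_crlf.quilt"
    sed 's/105/106/'  "$d/upstream.patch" >"$d/local_changed.quilt"
    patch_equiv "$d/upstream.patch"      "$d/upstream.patch"
    patch_equiv "$d/local_crlf.quilt"    "$d/upstream.patch"
    patch_equiv "$d/local_changed.quilt" "$d/upstream.patch"
    rm -rf "$d"
}

demo
```

Anything other than `identical` or `line-endings-only` calls for reading the actual diff before the patch goes into a signed kernel build.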